Vijaya Bank, a mid-size nationalised banking institution operating across India had started its journey from Mangalore district of Karnataka in 1931. Gradually, it expanded the reach across the state before it gained a scheduled bank status in 1958. Around 1968, the bank was merged with nine other banks and converted into a nationalised bank on 15 April 1980.

Q. From IT and security perspective, which are the key objectives banks should plan to enhance info security for the organisation and customers?

All the information security initiative should not be only for transactional security but also revolve around customer centric security. All changes to systems and new initiatives should be subjected to a well-defined and holistic cyber security risk management process in order to protect critical banking data.

The broad objective of bank’s information security framework should be:1. Continuous monitoring to tackle new and evolving vulnerabilities2. Constant review of bank’s cyber environment3. Continuous cyber security risk management4. Compliance to the key infosec guidelines and regulations5. Reporting and cyber security governance6. Education and awareness of all stakeholder is the key

Q. Overall, what should be the IT strategy of banks? And can you tell us about key IT initiatives undertaken by Vijaya Bank over the past year or so.

IT strategy of the banks should be purely innovative to meet the customer’s expectation and remain competitive. Banks’ IT strategy should be based on:1. Customer centric designs2. Personalization3. Customer behaviour analysis using analytics.

Major projects undertaken by Vijaya Bank in last one year are aimed to improve the security of the organization. The projects includes a Security Operations Centre (SOC) and deployment of IT Governance Risk Management & Compliance (GRC) solution.

SOC allows the internal monitoring of organization’s network infrastructure on a 24x7 basis. Also, the bank has implemented a dedicated Security Information and Event Management (SIEM) system to monitor logs on 24x7 basis and have enhanced cyber forensic capabilities.

Besides, IT GRC solution is being implemented to improve the security of the organization and currently it is in the final stage.

This solution will help the organization to update risk levels of assets based on vulnerabilities identified by the bank and also generate risk metrics to highlight key risks for each business unit and more.

Q. Smart phones and social media like Facebook and Twitter are becoming the new retail banking and self-service platforms for customers today. So, can you share your thoughts in context to Indian banking sector.

Many banks across globe leverage social platforms like Facebook and Twitter in order to build reputation and provide banking services to customers. Social media helps banks and financial institutions to better understand customer preferences and behaviours.

These platforms can also be used for selling banking products. But these channels are not matured for providing banking services to customers in India.

Q. As a CISO, in your own perspective, which are the potential threat factors for banking organisations in India on the back-off expanding online and mobile platforms?

At this point of time I assume mobile malware, a relatively smaller threat for banks but situation could worsen as mobile banking becomes more prevalent. On the other hand the cyber-attacks on banks could be a possible bigger risk because it gives the terrorist a bigger avenue to disturb national economy.

However, at present the bigger challenges for banks are advanced persistent threats (APTs), Denial of Service (DoS), Malware and Social engineering.

Q. Lastly, are Indian banking organisations security proof because hardly any banks ever reports of breaches or cyber-attacks? Your comments.

Cyber-attacks on one bank should be used by other bank as a learning lesson and strengthening their IT setup and thus all cybercrimes and online thefts should be reported to institutions like CERT-IN in India.

Sponsored Stories

Subscribe to our Newsletters

In an interview with ETCIO, Kedar Upadhye, Jt President & Global CFO, Cipla, throws light on some innovative IT projects that Cipla has implemented,as part of its digital transformation strategy, to fuel business growth.

Sudhanshu Pokhriyal, President of Textiles at Raymond, firmly believes that digital transformation is a top-down approach. Taking the lead on the initiative, he has devised an innovative digital strategy that enhances customer experience while helping retailers in their business.